Debian Router - Iptables And Sysctl.Conf Configuration

Updated:2021-12-03

Today we'll finish configuring our awesome router. In the previous article we configured the squid proxy; in this article we'll pass all LAN traffic through squid using iptables.

 
In this debian router articles series also:
  1. Introduction.
  2. Hardware Requirements.
  3. Software installation.
  4. Basic Setup.
  5. /etc/network/Interfaces Configuration.
  6. Unbound dns server setup.
  7. DHCP server setup
  8. Squid setup
  9. Final step iptables and sysctl.conf configuration. (We are Here!)

 

Iptables

We start by creating a file containing our rules, so let's create /etc/iptables-router.rules

vi /etc/iptables-router.rules
Let's allow all traffic. Please note this is a BAD idea, but we want to keep it simple for easy debugging; you may skip this step if you like.
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
COMMIT
Next, NAT all TCP traffic through squid on port 3377 (remember we changed it from the default 3128). Note that these rules redirect every TCP port coming from the LAN, not only port 80; squid's intercept port only understands HTTP, so if you want SSH, HTTPS and other protocols to be forwarded untouched, add --dport 80 to the REDIRECT rules.
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A PREROUTING -s 10.5.5.0/24 -i eth1 -p tcp -m tcp -j REDIRECT --to-ports 3377
-A OUTPUT -s 10.5.5.0/24 -p tcp -m owner ! --uid-owner proxy -m tcp -j REDIRECT --to-ports 3377
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
Allow everything through the mangle table. That is already the default; this is just in case:
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
COMMIT
Save /etc/iptables-router.rules and exit.
 
Next we'd like this file to be loaded whenever the network is brought up, so we need to create /etc/network/if-pre-up.d/router with the following content:
#! /bin/sh

iptables-restore < /etc/iptables-router.rules

exit 0
Make it executable by running:
chmod a+x /etc/network/if-pre-up.d/router

sysctl.conf configuration

We need to do a few things in /etc/sysctl.conf.
First turn on source address verification (reverse-path filtering) by adding/uncommenting the following lines:
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
Enable IP forwarding, so the box actually routes packets between eth1 and eth0, by adding/uncommenting the following line:
net.ipv4.ip_forward=1
These take effect at boot; to apply them right away run sysctl -p and check that /proc/sys/net/ipv4/ip_forward reads 1.
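As an added example (not code from the original article), here is the same rules-file approach with the filter table locked down instead of accepting everything, the squid REDIRECT limited to port 80 so that SSH and HTTPS are simply forwarded, and the sysctl settings above written as a /etc/sysctl.d drop-in. The interface names (eth0 WAN, eth1 LAN), the 10.5.5.0/24 network and port 3377 come from this series; the service ports the router listens on (22 for ssh, 53 for unbound, 67 for dhcp) and the two extra ICMP-redirect sysctls are my assumptions. Run without arguments it only prints the rules file for review; run as root with the argument install it writes and loads both files.

```shell
#!/bin/sh
# Added example, not code from the original article: a locked-down version of
# the rules file above, built the same way (iptables-restore format), plus the
# sysctl settings as a drop-in file and a few no-root checks on the output.
# Assumed (not from the page): the router itself listens on 22 (ssh), 53
# (unbound) and 67 (dhcp) on the LAN side; the ICMP redirect sysctls are extra.
set -eu

WAN=eth0            # interface towards the internet (as in the series)
LAN=eth1            # interface towards the LAN
LAN_NET=10.5.5.0/24 # LAN network handed out by the DHCP server
SQUID_PORT=3377     # squid intercept port (changed from the default 3128)

# Print the complete rules file. INPUT and FORWARD default to DROP: the LAN
# may only reach the services the router really runs, and forwarding is
# allowed LAN->WAN only (plus replies). iptables-restore accepts '#' comments.
router_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $LAN -p icmp -j ACCEPT
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $LAN -s $LAN_NET -p udp --dport 53 -j ACCEPT
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 53 -j ACCEPT
# DHCP DISCOVER comes from 0.0.0.0, so no -s match here
-A INPUT -i $LAN -p udp --sport 68 --dport 67 -j ACCEPT
# packets REDIRECTed to squid hit INPUT with the squid port as destination
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# only plain HTTP goes through squid; ssh, https, etc. are forwarded as-is
-A PREROUTING -i $LAN -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
EOF
}

# sysctl fragment: forwarding on, strict reverse-path filtering, and (extra,
# my assumption) no ICMP redirects accepted or sent.
sysctl_rules() {
cat <<EOF
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
EOF
}

# Default policy of a chain in the generated file, e.g. "chain_policy filter
# INPUT" prints DROP. Pure text processing, no root needed.
chain_policy() {
  router_rules | awk -v t="*$1" -v c=":$2" '
    $1 == t { in_t = 1; next }
    /^\*/   { in_t = 0 }
    in_t && $1 == c { print $2 }'
}

# Destination ports that get REDIRECTed to squid (should be just 80).
redirected_ports() {
  router_rules | awk '/-j REDIRECT/ {
    for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1) }'
}

# Root only: write both files, apply the sysctls, load the rules, show FORWARD.
install_router() {
  router_rules > /etc/iptables-router.rules
  sysctl_rules > /etc/sysctl.d/90-router.conf
  sysctl --system > /dev/null
  iptables-restore < /etc/iptables-router.rules
  iptables -S FORWARD
}

if [ "${1:-}" = install ]; then
  install_router
else
  router_rules        # no argument: just print the rules file for review
fi
```

The /etc/network/if-pre-up.d/router hook from above keeps working unchanged, since the file it restores is the same path; the sysctl drop-in is read by sysctl --system at boot, so /etc/sysctl.conf itself no longer needs editing.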

 

That's it, time to enjoy : )

You may reboot now to make sure everything comes up cleanly, or restart each service we set up one by one if you really know how :P
reboot

-------------------
cheers
